Workplace monitoring

How far can employers go in monitoring employees' digital communications without falling foul of the law? How can employers achieve a balance between their interests and employee privacy? Read Rocket Lawyer's guide on workplace monitoring to find out.

Get started

Create your Communications and equipment policy

Answer a few questions. We'll take care of the rest

What is workplace monitoring?

Employers have the right to monitor your activities at work. Workplace monitoring includes:

  • opening mail or e-mail
  • use of automated software to check e-mail
  • checking logs of websites visited
  • recording on CCTV cameras

All of these forms of monitoring are covered by the law on data protection, however, the law does not protect employees from monitoring in the workplace. Instead, it sets down rules about the circumstances and the way in which monitoring should be carried out.

What are the rules on workplace monitoring?

An employer can monitor electronic communications in the workplace where:

  • there is a legitimate business activity
  • the equipment being monitored is provided partly or wholly for work, and
  • the employer has made all reasonable efforts to inform you that your communications will be monitored.

As long as an employer sticks to these rules, they don't need to get employee consent before they monitor electronic communications.

When might an employer monitor an employee?

An employer can only monitor use of electronic communications without consent where there is a 'legitimate business activity':

  • To establish facts that are relevant to the business
  • To check procedures are being followed
  • To check standards (eg the quality of your work)
  • To prevent or detect crime
  • To check for unauthorised use of telecommunications systems, eg whether employees are using the internet or email for personal use
  • To ensure electronic systems are operating effectively
  • To check whether communications received are relevant to the business; and
  • In the interests of national security

Ideally, an employer should have a policy that covers workplace monitoring.

What guidelines must an employer follow?

An employer must give you clear notice in advance that communications might be monitored and how. They must take care to limit the extent of the monitoring to what is strictly necessary. Further, employees must be given safeguards, so that communications cannot be accessed unless they know this might happen.

Employers can limit monitoring in time and limit those who have access to the material.

It is important that the employer thinks through their reasons for monitoring employee communications and accessing their content - are these justifiable to achieve a business purpose?

When monitoring employee communications, the employer must also use the least intrusive methods necessary to achieve the business aim. Before any surveillance can take place, employers must create a policy that lets employees know the circumstances of monitoring and their expectations of fair use. To do this, they must first warn employees about monitoring of their social media use (eg by having a Social media policy) and the types of prohibited behaviour warning that disciplinary action might be taken. For further information, read our Quick Guide on Employees and social media.

As private communication meets the definition of personal data, organisations must prove that they have a lawful ground to collect and monitor this information.

The General Data Protection Regulations (GDPR) say that an employee cannot give consent to an employer because of the inherent imbalance of power. Consent can’t be 'freely given' if the data subject faces a potential negative effect from not consenting. It’s reasonable to expect that an employee might fear losing their job (or at least fear losing favour among their bosses) if they don’t consent to being monitored.

Under no circumstances are employers justified in using exhaustive or automated monitoring methods (such as spyware) to look through an employee’s browser history and workplace communications to find evidence of misuse.

Employers should also refrain from methods that leave no trace of their monitoring, such as physically sitting at the employee’s computer and looking through their private communications.

In short, there should be mutual trust between employee and employer. Employers should aim to achieve a balance between an employee’s right for private correspondence and an employer’s right to take steps to ensure the smooth running of the business.

Get started

Create your Communications and equipment policy

Answer a few questions. We'll take care of the rest